257 PT Telkom Indonesia Persero Tbk Strategic Aspect: Risk management attempts to provide added value through the implementation of risk management in the company’s planning process, for example during the preparation of the Corporate Strategic Scenario CSS, as well as in the strategic decision-making process. Operational Aspect: • Implementation of Risk Management to protect the Company’s assets will include: • Physical Security Management for infrastructures security • IT Security Management System including Conidentiality, Integrity and Availibility • Management of Work Health and Safety Management System • Management of Business Continuity Management, Disaster Recovery Plan and Crisis Management Team • Management of Revenue Assurance and Anti Fraud Program Compliance Aspect: • Risk management is strived to provide some added values through: • Management of compliance of the External Regulations and Internal Rules • Management of compliance of SOX Provisions through the design and implementation of adequate Internal Control • Reporting Aspect: • Risk management strives to provide added value to the process of setting inancial reporting disclosure controls through Disclosure Control Procedure DCP.

2. Enterprise Risk Management ERM Governance

Telkom realizes that risk management is an integral part of Good Corporate Governance GCG to ensure business continuity. Governance of risk management referring to the Company Risk Management Policy includes: • Board of Directors: In the implementation of risk management policies, acting and responsible for establishing policies related to the management risk and ensures that company risk management is efectively implemented through all the company’s management processes. • Risk Committee: Acting and responsible for setting Policies, reviews and recommendations on company risks and provide feedback or guidance for every person in charge of company risk. • Corporate Risk Management Unit: Acting and responsible for coordinating the implementation of the company’s risk management policy. • Internal Audit Unit: Internal Audit function plays acts and is responsible for providing independent opinion to the Board of Directors, Risk Committee and Risk Management unit of the company. • Head of Unit: Unit leadersSenior Leaders have the duty and responsibility to implement and supervise the whole process of company risk management in the unit he leads. • All Employees: Have the task and responsibility of effectively and efficiently implementing company risk management policy according to their roles and positions. • Subsidiary: Has the task and responsibility of implementing risk management with a framework referring to the framework used by PT. Telkom

3. The process of building and maintaining Enterprise Risk Management ERM

In order to be able to properly run eight components in the COSO Framework process, we built and maintained Corporate Risk Management through: a. Structural aspects to build a supportive internal environment through: • Building Commitment and Tone at the Top. • Laying the foundation of risk management within the framework of GCG. • Establish a Risk Management Unit Organization. • Development of Policies, Guidelines for Risk Acceptance Criteria RAC, Guidelines for Risk Assessment Risk Control Self AssessmentRCSA and Governance. • Development of Competence in the Field of Risk Management. • Provision of adequate Tools and Systems. b. Operational aspects are focused on: • Guarding the implementation of risk assessment at the Corporate, Business Unit and Subsidiary as well as preparation of adequate mitigation plans. • Development of risk assessment methodologies for speciic functions by combining the implementation of the COSO ERM Framework with reference to standards or other guidelines • Aspects of maintenance that focuses on the process of information, communication, review and continuous improvement including: • Guarding the implementation of the review, monitoring and risk reporting system. • Coordination of the Audit Implementation Enterprise Risk Management. 258 PT Telkom Indonesia Persero Tbk

6. Assessment of the Efectiveness of the implementation of risk management

Assessing the efectiveness of risk management implementation is done through the evaluation process, including: • Through Evaluationone-on-one discussion with business units as needed. • Through Workshop-sharing implementation and development of ERM with subsidiaries as needed • Through the Implementation of Risk Management Audit program as needed • Through Evaluation with the Risk Committee, Compliance and Revenue Assurance at BoD level as needed • Through Evaluation with the Planning and Risk Evaluation Monitoring Committee PREMC as needed

7. sharing session and recognition of external parties

In 2015, Telkom received a visit from external parties for an implementation of Risk Management, Internal Control, Process Management, Good Corporate Governance and Management of Insurance sharing session, among others, from: PT Semen Indonesia : January 11, 2015 PT Perkebunan Nusantara IX : February 15, 2015 Perum BULOG : March 11, 2015 Pembangkit Jawa Bali : May 19, 2015 PERTAMINA Patra Niaga : August 04, 2015 PT PLN : September 11, 2015 Other than the implementation of Risk Management in 2015, Telkom received recognition or awards from external parties, namely: No External institution Type of Award 1 PT SGS Indonesia Integrated Management System for Infrastructure management including: •ISO 9001:2008 Certiicate - Quality Management System •ISO 27001:2013 Certiicate - Information Security Management System •ISO 22301:2012 Certiicate - Business Continuity Management System • Maintain Continuity Competency Development. • Maintain consistency of communication and socialization. • Developing a mechanism for assessing the effectiveness of the implementation of Risk Management.

4. development of risk management Competence

In 2015, we have carried out the development of risk management competencies, including: No. Type of Training Date 1 Internal Control over Financial Reporting ICFR June 2015 2 Certiied Lead Auditor ISO 22301 Business Continuity Management System September 2015 3 Hedging September 2015 4 Emergency Flood Evacuation Response Simulation October 2015 5 Internal Auditor Business Continuity Management October 2015 6 Certiied Risk Associate December 2015 Besides through Classical Training, competence development is also done through socialization as well as related Workshops on Risk Management in the Oice Division environment and its subsidiaries.

5. tools usageinformation system

To perform the function of Risk Management, Telkom has provided the supporting infrastructure using applications tools information systems, among others: a. Generic Tools Enterprise Risk Management Online ERM Online that is used by the entire unit for management of Risk Assessment b. Speciic Tools for speciic risk management objectives, for example: • Fraud Management System FRAMES Application that is used for an early detection system of potential Customer Fraud • i-Library application which is managed by the Division Network of Broadband and is used for the management of the documentation system, namely the Integrated Management System • SMK 3 Online application managed by the Security and Safety Unit for the Health and Safety documentation management. • Security Safety Application managed by the Security Safety Unit to monitor the management of Physical Security • Telkomcare application for coordinating the Crisis Management Team